
| Subject: | RE: Authenticating with TLS against Active Directory |
|---|---|
| Date: | Mon, 10 Sep 2007 17:46:08 +0100 |
Thank you for your answers, this is what I did:

- Download the MS IIS 6.0 Resource Kit.
- Install (using custom install) SelfSSL on the machine you wish to generate the Self-Signed Certificate for (I used DC01.ad.local).
- Run the command: "selfssl /N:CN=DC01.ad.local /K:1024 /V:1825 /S:1 /P:443". Research the command FIRST if you're running this on an IIS Server.
- Ignore the message "Error opening metabase: 0x80040154" - which appears if IIS isn't installed.
- Using the Certificates MMC snap-in (configured for the local Computer Account), go to Personal\Certificates and export the public key. We needed Base64 encoding for our Linux app.
- Import the newly created .CER file into whatever app needs to authenticate on the Active Directory and point the app to the server that has the certificate installed (in this case DC01.ad.local).

Don't forget to back up the private key!

Keep in mind that this is a 5 year cert (/v:1825) and will only authenticate against the specified Domain Controller (DC01.ad.local).

It's vastly preferred to do a proper PKI design, but this solves the issue while we decide on whether PKI is for us.

Cheers

James

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On Behalf Of James D. Stallard
Sent: 06 September 2007 14:39
To: focus-ms@securityfocus.com
Subject: Authenticating with TLS against Active Directory

I have a Windows Server 2003 R2 Active Directory and a Linux box running an application (called Collage) whose users I would like to authenticate against the AD.

The application only supports TLS, so I need a certificate. However, I do not have the time on this job to properly design and deploy PKI, so I'm looking for a one-off solution.

My questions are therefore:

- If I create a self-signed certificate (using SelfSSL.EXE from the IIS reskit), install it on a Domain Controller and export it, can I use that to authenticate my Linux application?
- Is there a better way of achieving the same goal?

Thanks in advance

Cheers

James

James D. Stallard CITP
Chief Technical Architect
Leafgrove Limited
Web: www.leafgrove.com
LinkedIn: www.linkedin.com/in/jamesdstallard
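
A check for the Linux side of the procedure above, as an added example that is not part of the original message: before the exported .CER is imported into the application, confirm that it is Base64 encoded, names the domain controller the application will connect to, is not close to expiry, and note its key size. It assumes the `openssl` command-line tool is installed; the function names and the 30-day and 2048-bit defaults are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. check_dc_cert and its
# arguments are hypothetical names.
# Usage: check_dc_cert FILE EXPECTED_CN [MIN_DAYS_LEFT] [MIN_KEY_BITS]
# Returns 0 = OK, 1 = do not import, 2 = usable but weak key.

lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

check_dc_cert() {
    local file="$1" want="$2" days="${3:-30}" min_bits="${4:-2048}"
    local subject issuer cn bits rc=0

    # The Linux application in the post needed the Base64 (PEM) export.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$file" 2>/dev/null ||
       ! openssl x509 -in "$file" -noout 2>/dev/null; then
        echo "FAIL: $file is not a Base64-encoded certificate"; return 1
    fi

    subject=$(openssl x509 -in "$file" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$file" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    # Assumes a plain host name CN, as produced by /N:CN=<host>.
    cn=$(printf '%s\n' "$subject" | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1)
    bits=$(openssl x509 -in "$file" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p' | head -n 1)
    echo "subject=$subject key=${bits}-bit"
    # Expiry date and fingerprint, to compare with the copy on the server.
    openssl x509 -in "$file" -noout -enddate -fingerprint -sha256

    if [ "$(lc "$cn")" != "$(lc "$want")" ]; then
        echo "FAIL: CN '$cn' is not the server the app will connect to ($want)"; return 1
    fi
    if ! openssl x509 -in "$file" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "FAIL: certificate expires within $days days"; return 1
    fi
    if [ "$subject" = "$issuer" ]; then
        echo "NOTE: self-signed, so the app must trust this exact file"
    fi
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "WARN: key is below $min_bits bits (the post's /K:1024 gives 1024)"; rc=2
    fi
    return "$rc"
}
```

Run it as `check_dc_cert dc01.cer DC01.ad.local`, where `dc01.cer` is a placeholder for the exported file.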